Privacy Policy

PlateAI Effective Date: 1 May 2026 Last Updated: 1 May 2026

PlateAI ("the App") is operated by Sigentra ("we," "us," or "our"), a company registered in the United Kingdom. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the PlateAI mobile application.

By using PlateAI, you agree to the practices described in this policy. If you do not agree, please do not use the App.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Email address — provided through your Google or Apple sign-in.
• Authentication identifiers — a unique user ID generated by your sign-in provider to maintain your session.

We do not collect your name, phone number, or physical address.

1.2 Nutritional & Health Data

When you use the App, we collect:

• Food plate photographs — images you capture using your device's camera.
• Nutritional analysis results — calories, protein, carbohydrates, fat, and identified food items generated by our AI analysis.
• Eaten percentage — the portion of each meal you indicate you consumed.
• Fitness goals and macro targets — daily calorie, protein, carb, and fat goals you set during onboarding or in your profile settings.

1.3 Transaction Data

When you purchase credits through the App:

• Purchase records — we receive confirmation of your in-app purchases from RevenueCat, our payment processing partner. We do not collect or store your credit card number, billing address, or other financial details. All payment processing is handled by Apple through the App Store.

1.4 User Feedback

If you choose to submit feedback through the App, we collect:

• Feedback category and message content — any text you voluntarily provide.
• Associated plate ID — if your feedback relates to a specific scan.

1.5 Information We Do NOT Collect

• We do not access your photo library. The App uses your camera for live capture only.
• We do not collect location data.
• We do not use analytics, advertising, or tracking SDKs.
• We do not use cookies or similar tracking technologies.

2. How We Use Your Information

We use your information solely to provide and improve the PlateAI service:

| Purpose | Data Used | |---|---| | Create and manage your account | Email, authentication ID | | Analyse food plates using AI | Plate photographs | | Display nutritional tracking and insights | Analysis results, eaten percentages, goals | | Process credit purchases | Transaction confirmations from RevenueCat | | Respond to your feedback | Feedback messages | | Enforce usage limits (credits) | Account ID, credit balance |

We do not sell, rent, or share your personal data with advertisers or data brokers.

3. Third-Party Services

We use the following trusted third-party services to operate PlateAI:

3.1 Supabase

• Purpose: Database hosting, user authentication, and image storage.
• Data stored: Account information, plate records, nutritional data, plate images, and profile settings.
• Server location: United States (us-east-1).
• Privacy policy: https://supabase.com/privacy

3.2 Google Vertex AI (Gemini)

• Purpose: AI-powered food recognition and nutritional analysis.
• Data sent: Plate photographs are sent to Google's Vertex AI API for analysis. Images are processed in real time and are not retained by Google for model training under our enterprise API terms.
• Privacy policy: https://cloud.google.com/terms/cloud-privacy-notice

3.3 RevenueCat

• Purpose: In-app purchase management and credit fulfilment.
• Data shared: Anonymous app user ID and purchase transaction details.
• Privacy policy: https://www.revenuecat.com/privacy

3.4 Apple Sign-In / Google Sign-In

• Purpose: Secure authentication.
• Data received: Email address and authentication tokens.
• These services are governed by Apple's Privacy Policy and Google's Privacy Policy respectively.

4. Apple Health (HealthKit)

PlateAI integrates with the Apple Health app (HealthKit) to sync your nutritional data.

• We do not use your HealthKit data for marketing or advertising purposes.
• We do not share your health data with third parties without your explicit consent.

5. Data Storage and Security

• Your data is stored on Supabase servers located in the United States (us-east-1).
• All data is transmitted over encrypted connections (TLS/SSL).
• Database access is protected by Row Level Security (RLS), ensuring that each user can only access their own data.
• Plate images are stored in private buckets accessible only to the authenticated owner.
• We implement industry-standard security measures to protect your data from unauthorised access, alteration, or destruction.

International Transfers

As our servers are located in the United States, your data will be transferred outside the United Kingdom. We rely on Supabase's data processing agreements and standard contractual clauses to ensure appropriate safeguards are in place, in compliance with UK GDPR.

6. Data Retention

• Account and profile data is retained for as long as your account is active.
• Plate images and analysis results are retained indefinitely so you can review your meal history. You may delete individual plates at any time through the App, which permanently removes both the database record and the stored image.
• Feedback submissions are retained for up to 12 months.
• Upon account deletion, all of your data — including your profile, plates, images, and feedback — is permanently deleted from our systems.

7. Your Rights

Under the UK General Data Protection Regulation (UK GDPR), you have the following rights:

• Access — You can request a copy of the personal data we hold about you.
• Rectification — You can update your profile and goals at any time through the App.
• Erasure — You can delete individual plates at any time. You can also delete your entire account from Settings, which permanently removes all your data.
• Data portability — You can request your data in a machine-readable format.
• Objection — You may object to the processing of your data in certain circumstances.
• Restriction — You may request that we restrict the processing of your data.

To exercise any of these rights, please contact us at contact@sigentra.com. We will respond within 30 days.

8. Children's Privacy

PlateAI is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal data, please contact us at contact@sigentra.com and we will promptly delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date at the top of this page. We encourage you to review this policy periodically.

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Sigentra Email: contact@sigentra.com

11. Legal Basis for Processing (UK GDPR)

| Processing Activity | Legal Basis | |---|---| | Account creation and authentication | Performance of a contract | | AI food analysis and nutritional tracking | Performance of a contract | | Credit purchase processing | Performance of a contract | | Weekly credit refill | Legitimate interest | | Responding to user feedback | Legitimate interest | | Account and data deletion | Legal obligation |